Malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies to sign their malware and making them look like legitimate applications. Digital certificates issued by a trusted certificate authority are used to cryptographically sign computer applications and software and are trusted by your computer for execution of those programs without any warning messages. The Stuxnet worm that targeted Iranian nuclear processing facilities in 2003 also used valid certificates. Researchers notified both D-link and Changing Information Technology about the issue, and the companies revoked the compromised digital certificates on July 3 and July 4, 2018, respectively.
Source: https://thehackernews.com/2018/07/digital-certificate-malware.html